diff options
author | thierry <thierry@FreeBSD.org> | 2006-10-09 05:26:27 +0800 |
---|---|---|
committer | thierry <thierry@FreeBSD.org> | 2006-10-09 05:26:27 +0800 |
commit | 1db769b2a2c568a644c78b5353eb2904220c0fd5 (patch) | |
tree | dd77c83fa50bd647f5b72b016f02e85d2df3fac7 /graphics | |
parent | bf23c398d28c7740c0c43fcf48a1c2f41aaef4c0 (diff) | |
download | freebsd-ports-gnome-1db769b2a2c568a644c78b5353eb2904220c0fd5.tar.gz freebsd-ports-gnome-1db769b2a2c568a644c78b5353eb2904220c0fd5.tar.zst freebsd-ports-gnome-1db769b2a2c568a644c78b5353eb2904220c0fd5.zip |
Import a patch from Gentoo bug #127008 to fix CVE-2006-1060.
Security: VuXML ID: a813a219-d2d4-11da-a672-000e0c2e438a
Diffstat (limited to 'graphics')
-rw-r--r-- | graphics/zgv/Makefile | 5 | ||||
-rw-r--r-- | graphics/zgv/files/patch-zgv-5.9-cmyk-ycck-fix.diff | 69 |
2 files changed, 70 insertions, 4 deletions
diff --git a/graphics/zgv/Makefile b/graphics/zgv/Makefile index 01790fc669ee..40033a58eae8 100644 --- a/graphics/zgv/Makefile +++ b/graphics/zgv/Makefile @@ -7,6 +7,7 @@ PORTNAME= zgv PORTVERSION= 5.9 +PORTREVISION= 1 CATEGORIES= graphics MASTER_SITES= ${MASTER_SITE_SUNSITE} MASTER_SITE_SUBDIR= apps/graphics/viewers/svga @@ -14,10 +15,6 @@ MASTER_SITE_SUBDIR= apps/graphics/viewers/svga MAINTAINER= ports@FreeBSD.org COMMENT= Graphics viewer for SVGAlib -FORBIDDEN= http://vuxml.freebsd.org/a813a219-d2d4-11da-a672-000e0c2e438a.html -DEPRECATED= ${FORBIDDEN} -EXPIRATION_DATE=2006-12-01 - LIB_DEPENDS= tiff.4:${PORTSDIR}/graphics/tiff \ vga.1:${PORTSDIR}/graphics/svgalib \ jpeg.9:${PORTSDIR}/graphics/jpeg \ diff --git a/graphics/zgv/files/patch-zgv-5.9-cmyk-ycck-fix.diff b/graphics/zgv/files/patch-zgv-5.9-cmyk-ycck-fix.diff new file mode 100644 index 000000000000..720011facbd9 --- /dev/null +++ b/graphics/zgv/files/patch-zgv-5.9-cmyk-ycck-fix.diff @@ -0,0 +1,69 @@ +--- src/readjpeg.c.orig Sun Oct 31 15:54:26 2004 ++++ src/readjpeg.c Sun Oct 8 22:43:59 2006 +@@ -92,11 +92,18 @@ + int *real_width,int *real_height) + { + static FILE *in; ++/* ++Patch imported from Gentoo Bug #127008 to fix CVE-2006-1060 ++VuXML ID a813a219-d2d4-11da-a672-000e0c2e438a ++<http://bugs.gentoo.org/show_bug.cgi?id=127008> ++*/ ++static int cmyk; + struct my_error_mgr jerr; + int row_stride; /* physical row width in output buffer */ + int tmp,f; +-unsigned char *ptr; ++unsigned char *ptr,*ptr2; + ++cmyk=0; + use_errmsg=0; + theimage=NULL; + howfar=howfarfunc; +@@ -161,6 +168,15 @@ + pal[f]=pal[256+f]=pal[512+f]=f; + } + ++if(cinfo.jpeg_color_space==JCS_CMYK) ++ cmyk=1; ++ ++if(cinfo.jpeg_color_space==JCS_YCCK) ++ { ++ cmyk=1; ++ cinfo.out_color_space=JCS_CMYK; ++ } ++ + width=cinfo.image_width; + height=cinfo.image_height; + +@@ -191,7 +207,7 @@ + } + + if(WH_BAD(width,height) || +- (theimage=(byte *)malloc(pixelsize*width*height))==NULL) ++ (theimage=(byte *)malloc(pixelsize*width*(height+cmyk)))==NULL) + { + jpegerr("Out of memory"); /* XXX misleading if width/height are bad */ + longjmp(jerr.setjmp_buffer,1); +@@ -222,7 +238,20 @@ + while(cinfo.output_scanline<height) + { + jpeg_read_scanlines(&cinfo,&ptr,1); +- for(f=0;f<width;f++) { tmp=*ptr; *ptr=ptr[2]; ptr[2]=tmp; ptr+=3; } ++ if(!cmyk) ++ for(f=0;f<width;f++) { tmp=*ptr; *ptr=ptr[2]; ptr[2]=tmp; ptr+=3; } ++ else ++ { ++ ptr2=ptr; ++ for(f=0;f<width;f++,ptr+=3,ptr2+=4) ++ { ++ tmp=ptr2[3]; ++ ptr[0]=(tmp*ptr2[2])/255; ++ ptr[1]=(tmp*ptr2[1])/255; ++ ptr[2]=(tmp*ptr2[0])/255; ++ } ++ } ++ + if(howfar!=NULL) howfar(cinfo.output_scanline,height); + } + |